After reading this article you will learn about Computer-Assisted Audit Techniques (CAATs).
Introduction to Computer-Assisted Audit Techniques (CAATs):
When planning the cost audit, the cost auditor should consider an appropriate combination of manual and computer-assisted audit techniques (CAATs).
In determining whether to use CAATs, he should take into account:
(i) His computer knowledge, expertise and experience.
(ii) Availability of CAATs and suitable computer facilities.
(iii) Impracticability of manual tests.
(iv) Effectiveness and efficiency.
In an EDP environment, the control procedures take basically two stages:
1. Manual Procedure—i.e. the clerical work done up to the translation of data into machine-sensible form. This stage, being manual, is subjected to usual internal control conditions and the Cost Auditor will have little difficulty in appraising them by means of ‘compliance test’ and ‘substantive’ test’.
2. Computer Procedures—i.e. the computer processing work. Auditing in this area is actually a complex activity, for which the Cost Auditor as a prudent person should develop himself for adequate EDP knowledge. Before he actually starts to conduct his audit in EDP environment, he should envisage to maintain an ‘Audit Control File’, as his valuable kit.
The Computer Audit Control File may be built up containing full details of the system including:
(i) Copies of all source documents and the details of the checks that have been done to ensure their accuracy.
(ii) Details of physical control over source documents and any control totals on numbers, quantities, values, including the names of the personnel keeping these controls.
(iii) Full description of how the source documents are to be converted into input media, and the check-cum-control device.
(iv) A detailed account of the manual internal controls contained in the system, e.g. separation of programmers from operators, control of assets from record keeping, etc.
(v) The arrangements for retaining source documents and input media for the required periods necessitating reconstruction of stored files in the event of error, mishap, loss, etc.
(vi) A detailed Flow Diagram of what takes place during the process run.
(vii) Details of all tapes or discs produced, including their layout, labelling, storage and retention, and
(viii) Copies of all documents of output and details of subsequent sorting and checking.
Steps for CAAT Applications:
The major steps to be undertaken by the cost auditor in the application of a CAAT in performing cost audit under EDP environment are as follows:
(a) Setting the objective of the CAAT application.
(b) Determining the content and accessibility of the entity’s files.
(c) Defining the transaction types to be tested.
(d) Defining the procedures to be performed on the data.
(e) Defining the output requirements.
(f) Identifying the audit and computer personnel who may participate in the design and application of the CAAT.
(g) Refining the estimates of costs and benefits.
(h) Ensuring that the use of the CAAT is properly controlled and documented.
(i) Arranging the administrative activities, including the necessary skills and computer facilities.
(j) Executing the CAAT application.
(k) Evaluating the results.
CAAT Audit Working Papers:
The standard of working papers and retention procedures for a CAAT should be consistent with that on the audit as a whole. It is advisable that the cost auditor should keep the technical papers relating to the use of the CAAT separate from the other cost audit working papers.
The cost auditor is expected to keep the following documents relating to the stages enumerated below, and his audit working papers should contain sufficient documentation to describe the CAAT application, such as:
i. CAAT objectives, duly defined in clear terms.
ii. Specific CAAT to be used considering the audit area and its nature and volume.
iii. Controls to be exercised in test runs and final runs with reference to data files, etc.
iv. Staffing, timing and cost.
(i) CAAT preparation and testing procedures and controls. .
(ii) Details of the tests performed by the CAAT.
(iii) Details of input, processing and output.
(iv) Relevant technical information about the computerised accounting system, such as computer files layouts.
(c) Cost Audit Evidence:
(i) Output provided.
(ii) Description of the audit work performed on the output.
(iii) Audit conclusions.
Recommendations to the management. In addition, it may be useful for the cost auditor to document suggestions for using the CAAT in future years.